Developer Tools · Social Platform / SaaS
BuiltBy

BuiltBy: a proof-of-work network where every post is a live, runnable app

A social platform where verified developers showcase working, live products you can actually try not résumés.

A
aa@zencia.ai · 01 July 2026
BuiltBy: a proof-of-work network where every post is a live, runnable app

The problem

A résumé and a GitHub link don't show what a developer can actually build. Recruiters skim CVs, portfolios are static screenshots, and "live demos" are dead links six months later. The one thing that truly proves skill a working product you can click, try, and break has no good home.

BuiltBy's bet: make the running product the unit of proof. A feed where every post is a live, interactive app you can use right in the page, built by a verified developer.

What I built

BuiltBy is a social platform where verified developers publish live products and everyone else discovers, tries, and follows them. A builder can ship a project three ways:

Upload a built frontend it runs live, sandboxed, in the feed.

Import a GitHub repo the app pulls, hosts, and boots the demo automatically.

Link a live URL an already-deployed app is embedded, or gracefully linked when the site blocks embedding.

Around that core sits a full social layer: profiles, follows, likes, comments, real-time notifications, direct messaging, discovery/explore, a curated component library, a leaderboard, and an admin console built solo on Next.js and Firebase.

The hard problems and how I solved them

  1. Running untrusted apps safely. The product hinges on running other people's code in my page without compromising anyone. Uploaded projects run inside sandboxed iframes on an isolated, opaque origin, so malicious code can't reach the host's cookies, storage, or DOM.
  2. Embedding sites that refuse to be embedded. Some live URLs send X-Frame-Options: DENY and CSP frame-ancestors none, which the browser blocks with no client-side override. Instead of a broken frame, I detect the framing headers server-side, store an embeddable flag per project, and fall back to a clean "Open live demo" card everywhere the demo appears.
  3. GitHub repo to live demo. A server route resolves the repo's default branch, walks its file tree, filters to web-servable files, enforces size limits, and re-hosts it then picks the entry HTML to boot the demo.
  4. Trust as a feature. Developers verify via GitHub; companies via a business-email flow gated across UI, API, and database rules. The verified badge means something because publishing is gated.

Key decisions

The feed stays pure 100% builder proof-of-work; other activity lives on separate surfaces so it never becomes ad noise.

Usage over vanity a Build Score weighs tried it, came back, and time spent above raw likes, because "did people actually use it" is the honest signal.

Security boundaries are product constraints half the hardest problems were about respecting browser security rules and designing graceful fallbacks around them, not fighting them.

Stack

Next.js App Router, TypeScript, Firebase Auth, Firestore, Storage, Tailwind CSS, Vercel.


Try it live

https://builtby.in/